Is 3110 Lab 7

event of a catastrophic disruption (fire) or disaster (hurricane) and a major IT or data center outage occurs

Business impact analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency. A BIA is an essential component of an organization's business continuance plan; it includes an exploratory component to reveal any vulnerabilities and a planning component to develop strategies for minimizing risk.

Create an implementation plan in which you recommend ways of implementing, monitoring and adjusting the BCP.

Do all critical employees understand their role should an outage/disaster occur? Are there third party vendors that need to be considered in the BIA? Is there an alternate site available, should the current building not survive? Is data stored at an off-site facility?

5. Of the three Systems/Application Domain risks, threats, and vulnerabilities identified, which one requires a disaster recovery plan and business continuity plan to maintain continued operations during a catastrophic outage? The mainframe or complete data loss. This should have an extensive DRP.

The purpose of the disaster recovery plan is to ensure the process of recovering mission critical systems has a plan of action in case of a disaster. The disaster recovery plan makes sure all the steps to bring up the critical to less critical systems

The first order of business is development of a Business Continuity Plan (BCP) it is vital to first understand the business processes and its impact on the DLA and DOD. While not all tasks and processes are deemed critical, all of the inter-related operations of the DLIS are requisite to service the mission.

Availability keeps data and resources available for authorized use, especially during emergencies or disasters. This policy will address common challenges to availability. Denial of Service this is due to intentional attacks or because of undiscovered flaws in implementation. The policy will address loss of information system capabilities because of natural disasters. The policy will also focus on equipment failures during normal use.

Firstly, Disaster Recovery, this is a procedure that needs to be implemented in the case an accident occurs within an organisation that may result in the loss of data, for example fire/ water damage. This is when a plan needs to be applied to allow the recovery of data; an example of this could be recovering the backup files, installing new equipment and uploading the backup on the new network. For this to be effective this recovery policy relies on backups to be done regularly, otherwise recovery would not be eligible. The disaster recovery policy is highly beneficial and important as it saves not only the organisation but their money and reputation.

Primary IT systems and data center, regional utility failure. All critical business operations moved off-site. Large-scale work-from-home/alternate site and remote access. All operations resume on-site in <30 days or a new site is required. Category-III type systems and application are desirable for carrying out least critical business operation and the plan will list them.

As part of our disaster recovery plan, we have configured one of the servers as a backup that contains a complete backup of the primary server. The backup server will be configured so that if the primary server fails, then the backup server will come online, so that there will be no interruption in service. Each week we will test the backup server to ensure that all the files are readable and accessible. Then, once a month we will test the recovery plan creating a failure to make sure the backup server comes online.

When performing a BIA, you are trying to assess and align the affected IT systems, applications, and resources to their required recovery time objectives (RTOs). The

Disasters have become an inevitable part of businesses and organizations as well. They not only have a major effect on business and organizational continuity; they also result to an overhaul in organizational operational mechanisms (Awasthy, 2009). It is for this reason that many organizations and business resort to preparing business continuity plans and disaster recovery plans that will facilitate better disaster management in future. Effective disaster recovery plans are important to every business and organization (Thejendra, 2008).

As a consultant brought into an organization concerned about business continuity I would recommend to first perform a Risk Assessment Analysis and/or Business Impact Analysis (BIA). Conducting a business impact analysis will allow an organization to know the system or application’s downtime tolerance. The analysis will identify all systems and applications that can experience little to no downtime. Conducting risk assessment analysis will allow the organization to identify all the risks at the beginning and during the life of the organization, and grade the risks in terms of likelihood of occurring and seriousness of impact on the organization. Either analysis is an excellent tool and will result in the beginning creations of disaster recovery and business continuity planning. If using the BIA method a good first step is identifying the business’ most crucial systems and processes to assess what effect the outages will have on the business. All systems or applications should have a back-up location offsite to ensure business continuity. The higher the impact the more money a company should spend in order to quickly gain restoration of their business.

We worked with the utility to perform a BIA to identify critical business processes, the likelihood of service disruption, and the projected cost of loss. We then helped the utility understand the business risks of systems and technology services interruption.